Closed (fixed)
Project:
Node Images
Version:
4.7.x-1.x-dev
Component:
User interface
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
4 Jan 2007 at 13:57 UTC
Updated:
4 Feb 2007 at 03:12 UTC
Jump to comment: Most recent file
Comments
Comment #1
stefano73 commentedActually I can't figure out why a user who can upload images should not be allowed to delete those images. What if a user uploads a wrong image? He wouldn't be able to delete it.
I think that a user who can update a node should have no restriction on the images uploaded for that node. If you take a look at the permissions in upload.module, you'll see "upload files" and not "delete uploaded files".
Comment #2
marcoBauli commentedpersonally i think a 'delete images' permission is usefull to prevent dull hackers or unfair competitors to ruin a site by deleting it's pictures, as well as to prevent users from deleting them accidentally (both are 2 situations that unfortunately are very likely to happen)
good point.. admins or moderators can delete it, or even better maybe there could be a third 'delete own images' permission ;P ?
Comment #3
stefano73 commentedI disabled the "delete" checkboxes for users who don't have the permission to delete the node (when user_acess("delete", $node) is FALSE). This way users who are not allowed to delete nodes won't be allowed to delete node images as well.
Comment #4
stefano73 commentedI made a mistake, sorry. The correct function to test node access is node_access(), not user_access().
Updated patch attached.
Comment #5
stefano73 commentedNew patch attached.
Comment #6
stefano73 commentedCommitted to CVS.